I am trying to make an LDAP authentication system using IBM Worklight Studio 6.2.0.01
The login system works fine, no problem with that part, but the logout function doesn't actually log out the user!
Realm:
<realm loginModule="LDAPLoginModule" name="LDAPRealm">
<className>com.worklight.core.auth.ext.FormBasedAuthenticator</className>
</realm>
LoginModule:
<loginModule name="LDAPLoginModule">
<className>com.worklight.core.auth.ext.LdapLoginModule</className>
<parameter name="ldapProviderUrl" value="<Correct LDAP URL ( For security left blank on stackoverflow )>"/>
<parameter name="ldapTimeoutMs" value="2000"/>
<parameter name="ldapSecurityAuthentication" value="simple"/>
<parameter name="validationType" value="exists"/>
<parameter name="ldapSecurityPrincipalPattern" value="{username}"/>
</loginModule>
SecurityTest:
<customSecurityTest name="LDAPSecurityTest">
<test realm="wl_directUpdateRealm" step="1"/>
<test isInternalUserID="true" realm="LDAPRealm"/>
</customSecurityTest>
AdapterXML (important part)
<procedure name="getUsername" securityTest="LDAPSecurityTest" />
<procedure name="onLogout" />
AdapterJS
function getUsername(){
return {username: ""};
}
function onLogout(){
WL.Server.setActiveUser("LDAPRealm", null);
}
The getUsername function gets called everytime the app wants to check if a user is currently logged in, it has NO function other than that.
The logout function (App-side)
$scope.setUsername = function(){
var invocationData = { adapter: "DummyAdapter", procedure: "getUsername"}
WL.Client.invokeProcedure(invocationData, {
onSuccess: function(result){},
onFailure: function(result){);
}
$scope.logout = function(){
WL.Client.logout("LDAPRealm", {onSuccess: $scope.setUsername});
}
Result: This makes the app go to the login page by noticing the user has logged out, only problem is.. it hasn't completely logged out the user. What can I do to make the user completely logged out?
PS: Why don't I use WL.Client.reloadApp after WL.Client.logout()? Two reasons:
White screen and reloading the whole app is just dirty, it's not user friendly at all.
WL.Client.reloadApp gives a fatal signal 11 ( code 1 ) on Android Lollipop ( Android 5.0 ). At least, this is with my worklight version (6.2.0.01).
Please, is there a way I can avoid WL.Client.reloadApp and still log out the user from the server? If not: What may cause the fatal signal 11 ( code 1 ) error in Android Lollipop? I've tested it thoroughly on iOS 8.0, Android 2.3.5, Android 4.4.2 and Android 5.0. Only one that fails is the 5.0
Thank you and sorry for the long post
I have fixed the problem by removing the WL.Client.reloadApp function from logout onsuccess, I did this as such:
$scope.logout = function(){
WL.Client.logout("LDAPRealm", {onSuccess: function(){
$scope.setUsername() // <-- this function is the secret function
// that triggers the securitytest
// which then gives back the login page because
// you had just logged out :)
}});
}
As for the adapter not logging out the user: This comment was false, this bug was originating from another problem. So my code which was posted on StackOverflow was fine. But still:
Android 5.0 and WL.Client.reloadApp don't go to well (5th November 2014 in case an update fixes this)
Related
I am using a FormBasedAuthenticator with SingleIdentityLoginModule on IBM MobileFirst platform v7.0.
<realm loginModule="StrongDummy" name="PageAccess">
<className>com.worklight.core.auth.ext.FormBasedAuthenticator</className>
</realm>
<loginModule name="StrongDummy" expirationInSeconds="-1">
<className>com.worklight.core.auth.ext.SingleIdentityLoginModule</className>
</loginModule>
I'm invoking this as seen below:
var reqURL = '/j_security_check';
var options = {};
options.parameters = {
j_username : "admin",
j_password : "admin"
};
options.headers = {};
sampleAppRealmChallengeHandler.submitLoginForm(reqURL, options, $rootScope.sampleAppRealmChallengeHandler.submitLoginFormCallback);
When I try to login using any credentials it shows an error "SingleIdentityLoginModule missing console.username paramater".
I'm not sure what I'm missing here or where to put that "console.username" parameter.
Please see attached image.
The single identity login module is used to grant access to a protected resource to a single user, the identity of which is defined in the worklight.properties file. Use this module only for test purposes.
More details in the link here.
POC for MobileFirst 8.0 version apps and I created sample apps and maven based adapter. Finally I invoked that adapter index.js file to call the adapter its working fine when I used browser simulator but its not working while I installed android device I got below that error in android LOGCAT,
[ERROR:xwalk_autofill_client.cc(121)] Not implemented reached in virtual void xwalk::XWalkAutofillClient::OnFirstUserGestureObserved()
How to resolve this issue.
please find the implementation below.
adapter
<?xml version="1.0" encoding="UTF-8"?>
<!--
Licensed Materials - Property of IBM
5725-I43 (C) Copyright IBM Corp. 2011, 2013. All Rights Reserved.
US Government Users Restricted Rights - Use, duplication or
disclosure restricted by GSA ADP Schedule Contract with IBM Corp.
-->
<mfp:adapter name="HttpAdapter"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xmlns:mfp="http://www.ibm.com/mfp/integration"
xmlns:http="http://www.ibm.com/mfp/integration/http">
<displayName>HttpAdapter</displayName>
<description>HttpAdapter</description>
<connectivity>
<connectionPolicy xsi:type="http:HTTPConnectionPolicyType">
<protocol>https</protocol>
<domain>mobilefirstplatform.ibmcloud.com</domain>
<port>443</port>
<connectionTimeoutInMilliseconds>30000</connectionTimeoutInMilliseconds>
<socketTimeoutInMilliseconds>30000</socketTimeoutInMilliseconds>
<maxConcurrentConnectionsPerNode>50</maxConcurrentConnectionsPerNode>
</connectionPolicy>
</connectivity>
<procedure name="getFeed" secured="false"/>
<procedure name="unprotected" secured="false"/>
</mfp:adapter>
adapter implementation
function getFeed(tag) {
var input = {
method : 'get',
returnedContentType : 'xml',
path : getPath(tag)
};
return MFP.Server.invokeHttp(input);
}
/**
* Helper function to build the URL path.
*/
function getPath(tag){
if(tag === undefined || tag === ''){
return 'feed.xml';
} else {
return 'blog/atom/' + tag + '.xml';
}
}
/**
* #returns ok
*/
function unprotected(param) {
return {result : "Hello from unprotected resource"};
}
apps implementation
function myFunction(){
console.log('==================== inside calling ==================');
var resourceRequest = new WLResourceRequest(
"/adapters/HttpAdapter/getFeed",
WLResourceRequest.GET,3000
);
resourceRequest.setQueryParameter("params", "['']");
resourceRequest.send().then(
function(response) {
alert("------- success " +JSON.stringify(response));
},
function() {
alert("----------- >>> errror ------");
}
)
}
Please use mata tag in your HTML file it will resolve your issues for android.
<meta http-equiv="Content-Security-Policy" content="default-src *; style-src 'self' http://* 'unsafe-inline'; script-src 'self' http://* 'unsafe-inline' 'unsafe-eval'" />
i have started to develop and implement adapter successfully in ibm web console and also android mobile browser simulator. But when installed in my real test device the adapter is not able to connect to the database. i do no where to find error log in mobile.
currentPage={};
currentPage.init = function() {
WL.Logger.debug("Page2 :: init");
};
currentPage.back = function(){
WL.Logger.debug("Page2 :: back");
$("#pagePort").load(pagesHistory.pop());
};
function loadSQLRecords(){
var invocationData = {
adapter : 'dball',
procedure : 'getDball',
parameters : []
};
WL.Client.invokeProcedure(invocationData,{
onSuccess : loadSQLQuerySuccess,
onFailure : loadSQLQueryFailure
});
}
function loadSQLQuerySuccess(result){
alert ("success");
if (result.invocationResult.resultSet.length > 0)
displayFeeds(result.invocationResult.resultSet);
else
alert("failure here");
}
function loadSQLQueryFailure() {
alert ("failure");
}
function displayFeeds(result){
for (var i = 0; i < result.length; i++) {
$("#mytable").append("<tr><td>" + result[i].EMPID + "</td></tr>");
$("#mytable").append("<tr><td>" + result[i].EMPNAME + "</td></tr>");
$("#mytable").append("<tr><td>" + result[i].EMAILID + "</td></tr>");
}
}
<?xml version="1.0" encoding="UTF-8" ?>
- <!-- Licensed Materials - Property of IBM
5725-I43 (C) Copyright IBM Corp. 2011, 2013. All Rights Reserved.
US Government Users Restricted Rights - Use, duplication or
disclosure restricted by GSA ADP Schedule Contract with IBM Corp.
-->
- <wl:adapter name="dball" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:wl="http://www.ibm.com/mfp/integration" xmlns:sql="http://www.ibm.com/mfp/integration/sql">
<displayName>dball</displayName>
<description>dball</description>
- <connectivity>
- <connectionPolicy xsi:type="sql:SQLConnectionPolicy">
- <!-- Example for using a JNDI data source, replace with actual data source name
-->
- <!-- <dataSourceJNDIName>java:/data-source-jndi-name</dataSourceJNDIName>
-->
- <!-- Example for using MySQL connector, do not forget to put the MySQL connector library in the project's lib folder
-->
- <dataSourceDefinition>
<driverClass>oracle.jdbc.driver.OracleDriver</driverClass>
<url>jdbc:oracle:thin:#192.168.*.***:****:****</url>
<user>****</user>
<password>****</password>
</dataSourceDefinition>
</connectionPolicy>
</connectivity>
- <!-- Replace this with appropriate procedures
-->
<procedure name="getDball" />
<procedure name="addDball" />
</wl:adapter>
I took your project and changed the database settings to connect to mine instead (MySQL). The connection was successful and data was saved in the database.
Even if forcing it to fail, it does not fail with "Error is UNDEFINED", so I still believe this does have to do with your Oracle database settings. 192.168 is internal IP address - it is not available as a public IP address even if you think it is. It does not. You need to check this with your IT department and get the real IP address of your database.
I am using Worklight 6.1 and am using a challange handler to determine if my user is logged or not.
Once logged in, I have the following code attached to my logout button in my app:
on(logoutBtn, "click", lang.hitch(this, function() {
WL.Client.logout('AdapterAuthRealm', { onSuccess:lang.hitch(this, function() {
this.gotoView("login");
}), onFailure:lang.hitch(this, function() {
WL.Logger.error("Unable to logout");
})});
return false;
}));
Clicking it opens the login view, but when the user tries to login again, the following error is shown:
"Cannot change identity of an already logged in user in realm 'AdapterAuthRealm'.
The application must logout first."`
According to the following SO question:
Worklight: WL.Server.setActiveUser - Cann't modify - Illegal State: Cannot change identity
I will first have to clear the active user before setting a new one:
WL.Server.setActiveUser("AdapterAuthRealm", null);
I actually expected WL.Client.logout to do this automaticly, but doing so myself in my onLogout function in my adapter does not seem to have any effect:
<realm loginModule="NonValidatingLoginModule" name="AdapterAuthRealm">
<className>com.worklight.integration.auth.AdapterAuthenticator</className>
<parameter name="login-function" value="PortalAdapter.onAuthRequired"/>
<parameter name="logout-function" value="PortalAdapter.onLogout"/>
</realm>
And
function onLogout() {
WL.Logger.info("invoke logout request");
WL.Server.setActiveUser("AdapterAuthRealm", null);
var input = {
method : 'get',
returnedContentType : 'text/plain',
path : '/logoutUrl'
};
WL.Server.invokeHttp(input);
}
Adding it to my login function in my adapter as follows:
var userIdentity = { userId: username, displayName: username, attributes: {}};
WL.Server.setActiveUser("AdapterAuthRealm", null);
WL.Server.setActiveUser("AdapterAuthRealm", userIdentity);
Results in an infenite loop of login / logout requests of my app.
My questions:
When/where am I supposed to clear my active user?
When using a challange handler, is it allowed to use the WL.Client.logout method?
Your realm should have a logout function which should point to adapter procedure to logout. you can add this as a parameter for realm.
you can add the WL.Server.setActiveUser("AdapterAuthRealm",null); to the onLogout() procedure in adapter
<realm loginModule="loginModule" name="AdapterAuthRealm">
<className>com.worklight.integration.auth.AdapterAuthenticator</className>
<parameter name="login-function" value="LoginAdapter.onAuthRequired"/>
<parameter name="logout-function" value="LoginAdapter.onLogout"/>
</realm>
2 Yes. you can use WL.Client.Logout();` when using challenge handler
Hi I am using worklight 6.1 and WebSphere 8
I am getting following error
[ERROR ] FWLSE0059E: Login into realm 'WASLTPAModule' failed. SRVE0190E: File not found: /login.html. [project Streebo] SRVE0190E: File not found: /login.html [ERROR ] FWLSE0117E: Error code: 4, error description: AUTHENTICATION_ERROR, error message: An error occurred while performing authentication using loginModule WASLTPAModule, User Identity Not available. [project Streebo] [project Streebo] [WARNING ] SRVE0190E: File not found: /login.html
Here are the things what I did
authenticationConfig.xml
<mobileSecurityTest name="mobileTests">
<testAppAuthenticity/>
<testDeviceId provisioningType="none" />
<testUser realm="WASLTPARealm" />
</mobileSecurityTest>
<!-- For websphere -->
<realm name="WASLTPARealm" loginModule="WASLTPAModule"><className>com.worklight.core.auth.ext.WebSphereFormBasedAuthenticator</className>
<parameter name="login-page" value="/login.html"/>
<parameter name="error-page" value="/loginError.html"/>
</realm>
<!-- For websphere -->
<loginModule name="WASLTPAModule">
<className>com.worklight.core.auth.ext.WebSphereLoginModule</className>
</loginModule>
Adapter Entry
WASAuth.xml
<procedure name="getAuth" securityTest="mobileTests"/>
WASAuth-impl.js
function getAuth() {
return {'key1':'authh'};
}
Challenge Handler
var challengeHandler;
challengeHandler = WL.Client.createChallengeHandler('WASLTPARealm');
initOptions.js
connectOnStartup : false,
main.js
function wlCommonInit(){
WL.Client.connect({
onSuccess: onConnectSuccess,
onFailure: onConnectFailure
});
and its going in onSuccess
function onConnectSuccess() {
alert('on connect success in wlCommonInit() in main.js');
var invocationData = {
adapter : 'WASAuth',
procedure : 'getAuth',
parameters : []
};
var options = {
onSuccess : function(res) {
alert('procedure getAuth success with res: '+res);
},
onFailure : function() {
alert('procedure getAuth Failures');
}
};
WL.Client.invokeProcedure(invocationData, options);
};
So its coming in success function and when It calls adapter and following error comes
[ERROR ] FWLSE0059E: Login into realm 'WASLTPAModule' failed. SRVE0190E: File not found: /login.html. [project Streebo]
SRVE0190E: File not found: /login.html
[ERROR ] FWLSE0117E: Error code: 4, error description: AUTHENTICATION_ERROR, error message: An error occurred while performing authentication using loginModule WASLTPAModule, User Identity Not available. [project Streebo] [project Streebo]
[WARNING ] SRVE0190E: File not found: /login.html
And I already have login.html and loginError.html in root folder of my war and also have login.html in conf
Please guide me to resolve this issue
Appreciate
Please verify you have named the files login.html and loginError.html exactly. Please also verify you have placed these in the root of the war file that you have deployed to your server. You can expand the war file you have deployed to double check. Also make sure your login.html file has valid structure such as the example provided:
<html>
<head>
<title>Login</title>
</head>
<body>
<form method="post" action="j_security_check">
<input type="text"
id="j_username"
name="j_username"
placeholder="User name" />
<input type="password"
id="j_password"
name="j_password"
placeholder="Password" />
<input type="submit" id="login" name="login" value="Log In" />
</form>
</body>
</html>
As well as the structure of your loginError.html page:
<html>
<head>
<title>Login Error</title>
</head>
<body>
An error occurred while trying to log in.
</body>
</html>
For more detailed instructions and troubleshooting please look at the following:
LTPA Training Module:
http://public.dhe.ibm.com/software/mobile-solutions/worklight/docs/v610/08_06_WebSphere_LTPA_based_authentication.pdf
LTPA Infocenter Instructions
https://pic.dhe.ibm.com/infocenter/wrklight/v6r1m0/index.jsp?topic=%2Fcom.ibm.worklight.deploy.doc%2Fadmin%2Ft_configuring_WL_LTPA_realm.html
For MobileFirst Platform v6.3
\MobileFirstServerConfig\servers\worklight\apps
Find the app that you are trying to test ltpa with.
Assuming the project name is FormBasedAuth. Then the corresponding war file is FormBasedAuth.war
Using WinRAR to open it.
Go to your studio workbench, in your project > expand server > expand conf > copy the login.html into the FormBasedAuth.war that is already opened in WinRAR
you could also create a loginError.html and put that into the FormBaseAuth.war
Make sure that you place FormBaseAuth.war back to \MobileFirstServerConfig\servers\worklight\apps
Now in the studio, server view > Stop the test server. Wait for it to stop.
Start the test server again.
Now when you test, this error will be gone.
Similar procedure for the standalone server, just your war file might be different.